Module 2: Threat Management & Cybersecurity Resources Flashcards
What is the goal of Threat Management?
To take the appropriate steps needed to minimize hostile cyber actions; “what threat can take advantage of a vulnerability to bypass our defenses, & how can we prevent it?”
What is the First Step in Threat Management?
Test the defenses to find any weaknesses
What is Penetration Testing?
Attempts to exploit vulnerabilities just as a threat actor would
How does Penetration Testing help with exposing vulnerabilities?
1) Helps to uncover new vulnerabilities
2) Provides a clear picture of their nature
3) Determines how they could be used against the organization
What does studying Penetration Testing involve?
- Defining what it is & why such a test should be conducted
- Examining who should perform the tests & the rules for engagement
- Knowing how to perform a penetration test
What is the First Step in a pen test?
Planning!
Why conduct a pen test, as opposed to a scan?
While a scan of network defense can help find vulnerabilities, the type of vulnerabilities revealed is different from a pen test
- Scan usually only finds surface problems to be addressed
- Many scans are entirely automated & provide only a limited verification of any discovered vulnerabilities, while a pen test can find deep vulnerabilities
What are the pros & cons of hiring Internal Employees to perform pen testing?
Pros:
- There is little or no additional cost
- The test can be conducted much more quickly
- An in-house pen test can be used to enhance the training of employees & raise the awareness of security risks
Cons:
- Inside Knowledge - would have an in-depth knowledge of the network & devices (threat actors would not have the same knowledge)
- Lack of Expertise - employees may not have the credentials needed to perform a pen test
- Reluctance to Reveal - may be reluctant to reveal a vulnerability discovered in a network or system that they or a fellow employee has been charged w/ protecting
Who is on the Red Team & what do they do?
Role: Attackers
Duties: Scans for vulnerabilities & then exploits them
Explanation: Has prior & in-depth knowledge of existing security, which may provide an unfair advantage
Who is on the Blue Team & what do they do?
Role: Defenders
Duties: Monitors for Red Team attacks & shores up defenses as necessary
Explanation: Scans log files, traffic analysis, & other data to look for signs of an attack
Who is on the White Team & what do they do?
Role: Referees
Duties: Enforces the rules of the penetration testing
Explanation: Makes note of the Blue Team’s responses & Red Team’s attacks
Who is on the Purple Team & what do they do?
Role: Bridge
Duties: Provides real-time feedback b/t the Red & Blue Teams to enhance the testing
Explanation: The Blue Team receives information that can be used to prioritize & improve their ability to detect attacks, while the Red Team learns more about the technologies & mechanisms used in the defense
What are the advantages & disadvantages of hiring an External Pen Testing Consultant?
Pros:
1) Expertise
2) Credentials
3) Experience
4) Focus
Cons:
1) May receive extremely sensitive information about systems & how to access them
2) This knowledge could be sold to a competitor
What are the Penetration Testing Levels?
1) Black Box
2) Gray Box
3) White Box
Describe the Black Box pen testing level.
Testers have no knowledge of the network & no special privileges
Task: Attempt to penetrate network
Pro: Emulate exactly what a threat actor would do & see
Con: If testers cannot penetrate the network, then no test can occur
Describe the Gray Box pen testing level.
Testers are given limited knowledge of the network & some elevated privileges
Task: Focus on systems w/ the greatest risk & value to the organization
Pro: More efficiently assess security instead of spending time trying to compromise the network & then determining which systems to attack
Con: This head start does not allow testers to truly emulate what a threat actor may do
Describe the White Box pen testing level.
Testers are given full knowledge of the network & the source code of applications
Task: Identify potential points of weakness
Pro: Focus directly on systems to test for penetration
Con: This approach does not provide a full picture of the network’s vulnerabilities
What are the Advantages of Crowdsourced pen testers?
- Fast testing, resulting in quicker remediation of vulnerabilities
- Ability to rotate teams so different individuals test the system
- Option of conducting multiple pen tests simultaneously
What are the Rules of Engagement?
Pen testing’s limitations or parameters
What happens to a pen test if there are no parameters?
W/o parameters, a pen test can easily veer off course & not accomplish the desired results, take too long to produce timely results, or test assets that are not necessary to test
What are the Categories for Rules of Engagement (7)?
1) Timing
2) Scope
3) Authorization
4) Exploitation
5) Communication
6) Cleanup
7) Reporting
What is the Timing Category for ROE?
- The timing parameter sets when the testing will occur
- Some considerations include: the start & stop dates of the test, whether the action portions of the pen test should be conducted during normal business hours, & whether a vulnerability requires immediate attention
o Could cause unforeseen interruptions to normal activities
o After business hours or only on weekends
What is the Scope Category for ROE?
- Scope is what should be tested
- Involves several elements that define the relevant test boundaries:
- Environment (live production)
- Internal Targets (must be clearly identified for external 3rd-party gray box test or white box test)
- External Targets (testing a service or app hosted by a 3rd-party)
- Target Locations (related to laws among states, provinces, & countries)
- Other Boundaries (in addition to technical boundaries - physical security? limiting targets? limits on spear phishing messages?)
What is the Authorization Category for ROE?
- Authorization is the receipt of prior written approval to conduct the pen test
o A formal written document must be signed by all parties before a pen test begins